mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
LDAP: add tests for initialBind (#17132)
* LDAP: add tests for initialBind * LDAP: clarify comment for Login()
This commit is contained in:
parent
db48ec1f08
commit
a0f5923b95
@ -122,13 +122,13 @@ func (server *Server) Close() {
|
||||
server.connection.Close()
|
||||
}
|
||||
|
||||
// Login intialBinds the user, search it and then serialize it
|
||||
// Log in user by searching and serializing it
|
||||
func (server *Server) Login(query *models.LoginUserQuery) (
|
||||
*models.ExternalUserInfo, error,
|
||||
) {
|
||||
|
||||
// Perform initial authentication
|
||||
err := server.intialBind(query.Username, query.Password)
|
||||
err := server.initialBind(query.Username, query.Password)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -159,7 +159,7 @@ func (server *Server) Login(query *models.LoginUserQuery) (
|
||||
|
||||
// Add adds stuff to LDAP
|
||||
func (server *Server) Add(dn string, values map[string][]string) error {
|
||||
err := server.intialBind(
|
||||
err := server.initialBind(
|
||||
server.config.BindDN,
|
||||
server.config.BindPassword,
|
||||
)
|
||||
@ -190,7 +190,7 @@ func (server *Server) Add(dn string, values map[string][]string) error {
|
||||
|
||||
// Remove removes stuff from LDAP
|
||||
func (server *Server) Remove(dn string) error {
|
||||
err := server.intialBind(
|
||||
err := server.initialBind(
|
||||
server.config.BindDN,
|
||||
server.config.BindPassword,
|
||||
)
|
||||
@ -381,7 +381,7 @@ func (server *Server) secondBind(
|
||||
return nil
|
||||
}
|
||||
|
||||
func (server *Server) intialBind(username, userPassword string) error {
|
||||
func (server *Server) initialBind(username, userPassword string) error {
|
||||
if server.config.BindPassword != "" || server.config.BindDN == "" {
|
||||
userPassword = server.config.BindPassword
|
||||
server.requireSecondBind = true
|
||||
|
@ -75,6 +75,71 @@ func TestLDAPHelpers(t *testing.T) {
|
||||
})
|
||||
})
|
||||
|
||||
Convey("initialBind", t, func() {
|
||||
Convey("Given bind dn and password configured", func() {
|
||||
connection := &mockConnection{}
|
||||
var actualUsername, actualPassword string
|
||||
connection.bindProvider = func(username, password string) error {
|
||||
actualUsername = username
|
||||
actualPassword = password
|
||||
return nil
|
||||
}
|
||||
server := &Server{
|
||||
connection: connection,
|
||||
config: &ServerConfig{
|
||||
BindDN: "cn=%s,o=users,dc=grafana,dc=org",
|
||||
BindPassword: "bindpwd",
|
||||
},
|
||||
}
|
||||
err := server.initialBind("user", "pwd")
|
||||
So(err, ShouldBeNil)
|
||||
So(server.requireSecondBind, ShouldBeTrue)
|
||||
So(actualUsername, ShouldEqual, "cn=user,o=users,dc=grafana,dc=org")
|
||||
So(actualPassword, ShouldEqual, "bindpwd")
|
||||
})
|
||||
|
||||
Convey("Given bind dn configured", func() {
|
||||
connection := &mockConnection{}
|
||||
var actualUsername, actualPassword string
|
||||
connection.bindProvider = func(username, password string) error {
|
||||
actualUsername = username
|
||||
actualPassword = password
|
||||
return nil
|
||||
}
|
||||
server := &Server{
|
||||
connection: connection,
|
||||
config: &ServerConfig{
|
||||
BindDN: "cn=%s,o=users,dc=grafana,dc=org",
|
||||
},
|
||||
}
|
||||
err := server.initialBind("user", "pwd")
|
||||
So(err, ShouldBeNil)
|
||||
So(server.requireSecondBind, ShouldBeFalse)
|
||||
So(actualUsername, ShouldEqual, "cn=user,o=users,dc=grafana,dc=org")
|
||||
So(actualPassword, ShouldEqual, "pwd")
|
||||
})
|
||||
|
||||
Convey("Given empty bind dn and password", func() {
|
||||
connection := &mockConnection{}
|
||||
unauthenticatedBindWasCalled := false
|
||||
var actualUsername string
|
||||
connection.unauthenticatedBindProvider = func(username string) error {
|
||||
unauthenticatedBindWasCalled = true
|
||||
actualUsername = username
|
||||
return nil
|
||||
}
|
||||
server := &Server{
|
||||
connection: connection,
|
||||
config: &ServerConfig{},
|
||||
}
|
||||
err := server.initialBind("user", "pwd")
|
||||
So(err, ShouldBeNil)
|
||||
So(server.requireSecondBind, ShouldBeTrue)
|
||||
So(unauthenticatedBindWasCalled, ShouldBeTrue)
|
||||
So(actualUsername, ShouldBeEmpty)
|
||||
})
|
||||
})
|
||||
|
||||
Convey("serverBind()", t, func() {
|
||||
Convey("Given bind dn and password configured", func() {
|
||||
connection := &mockConnection{}
|
||||
|
Loading…
Reference in New Issue
Block a user